diff --git a/.env.example b/.env.example
index 6d3b3de..f9a7549 100644
--- a/.env.example
+++ b/.env.example
@@ -16,3 +16,5 @@ UI_PORT=6601
 # Again, probably right. Do not put a trailing /
 UI_PUBLIC_URI=http://localhost:6601
 API_PUBLIC_URI=http://localhost:6609
+
+ALLOWED_CALLBACK_HOSTS=http://localhost:6601,https://stage.roleypoly.com,https://next.roleypoly.com,https://roleypoly.com,https://*.roleypoly.pages.dev
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 81b55ad..b98bd6b 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -78,4 +78,9 @@ variable "bot_tag" {
   type        = string
   default     = ""
   description = ":tag or @sha265: of ghcr.io/roleypoly/bot"
-}
\ No newline at end of file
+}
+
+variable "allowed_callback_hosts" {
+  type    = string
+  default = ""
+}
diff --git a/terraform/variables/prod.tfvars b/terraform/variables/prod.tfvars
index ff03e50..24b8252 100644
--- a/terraform/variables/prod.tfvars
+++ b/terraform/variables/prod.tfvars
@@ -15,5 +15,6 @@ ui_hostnames = [
   "next.roleypoly.com",
   "web-prod.roleypoly.com"
 ]
-ui_public_uri  = "https://next.roleypoly.com"
-api_public_uri = "https://api-prod.roleypoly.com"
\ No newline at end of file
+ui_public_uri          = "https://next.roleypoly.com"
+api_public_uri         = "https://api-prod.roleypoly.com"
+allowed_callback_hosts = "https://roleypoly.com,https://next.roleypoly.com"
\ No newline at end of file
diff --git a/terraform/variables/stage.tfvars b/terraform/variables/stage.tfvars
index fbc5cd8..766ed03 100644
--- a/terraform/variables/stage.tfvars
+++ b/terraform/variables/stage.tfvars
@@ -8,5 +8,6 @@ ui_hostnames = [
   "stage.roleypoly.com",
   "web-stage.roleypoly.com"
 ]
-ui_public_uri  = "https://stage.roleypoly.com"
-api_public_uri = "https://api-stage.roleypoly.com"
\ No newline at end of file
+ui_public_uri          = "https://stage.roleypoly.com"
+api_public_uri         = "https://api-stage.roleypoly.com"
+allowed_callback_hosts = "https://roleypoly.com,https://stage.roleypoly.com,https://*.roleypoly.pages.dev"
\ No newline at end of file
diff --git a/terraform/workers.tf b/terraform/workers.tf
index 9c9546a..1904726 100644
--- a/terraform/workers.tf
+++ b/terraform/workers.tf
@@ -54,6 +54,11 @@ resource "cloudflare_worker_script" "backend" {
     text = var.api_public_uri
   }
 
+  plain_text_binding {
+    name = "ALLOWED_CALLBACK_HOSTS"
+    text = var.allowed_callback_hosts
+  }
+
   plain_text_binding {
     name = "ROOT_USERS"
     text = join(",", var.root_users)